Age | Commit message (Collapse) | Author |
|
In TIFFFillStrip, calls to TIFFReadBufferSetup may allocate large amounts of
memory. In this CL we do sanity checks on the claimed size of the raw strip
data before that happens, to prevent out-of-memory.
Bug: chromium:707431
Change-Id: I4e7c9a8630fad11d4f68a3ceccd71ffa511f4293
Reviewed-on: https://pdfium-review.googlesource.com/3811
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from mem methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I9d5ae905997dbaaec5aa0b2ae4c07358ed9c6236
Reviewed-on: https://pdfium-review.googlesource.com/3613
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from file methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I095c64fed69bf70e00a2594fa94a1fdc71a7060e
Reviewed-on: https://pdfium-review.googlesource.com/3610
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This Cl drops the FXSYS_ from math methods which are the same on all
platforms.
Bug: pdfium:694
Change-Id: I85c9ff841fd9095b1434f67319847ba0cd9df7ac
Reviewed-on: https://pdfium-review.googlesource.com/3598
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This Cl drops the FXSYS_ from string methods which are the same on
all platforms.
Bug: pdfium:694
Change-Id: I1698aafd84f40474997549ae91ce35603377e303
Reviewed-on: https://pdfium-review.googlesource.com/3597
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
After moving to a DEPS based FreeType checkout, integration with
Chromium no longer works correctly when pdf_bundle_freetype is set
to true, because relative paths would point to
third_party/pdfium/third_party/freetype, and that no longer exists.
BUG=pdfium:688
TBR=drott@chromium.org,dsinclair@chromium.org,npm@chromium.org
Change-Id: I346072ddc1052d25be58ca1610f6d1c002fc03ef
Reviewed-on: https://pdfium-review.googlesource.com/3556
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
BUG=chromium:541704
Change-Id: I313d8853450ff5940b3baa4054ff441b342c46b7
Reviewed-on: https://pdfium-review.googlesource.com/3350
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
BUG=pdfium:688
Change-Id: I7787b29d0fedc48f1360ab041d43829d0e805462
Change-Id: I7787b29d0fedc48f1360ab041d43829d0e805462
Reviewed-on: https://pdfium-review.googlesource.com/3331
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
CL list:
https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
https://github.com/vadz/libtiff/commit/b4b41925115059b49f97432bda0613411df2f686
Bug: chromium:706349
Change-Id: I782156e7486919a62e25eeb95cb8699f1b2c5ee1
Reviewed-on: https://pdfium-review.googlesource.com/3374
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This reverts commit 21362ee6370e6ef0f5a8275af5afde3f127887c9.
Reason for revert: Breaks win_clang.
Original change's description:
> Enable Wshift-negative-value in PDFium.
>
> BUG=chromium:507717
>
> Change-Id: If0030640497ce103de7713f8497570602950a2b6
> Reviewed-on: https://pdfium-review.googlesource.com/3270
> Commit-Queue: Nico Weber <thakis@chromium.org>
> Reviewed-by: Nico Weber <thakis@chromium.org>
>
TBR=thestig@chromium.org,thakis@chromium.org,pdfium-reviews@googlegroups.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=chromium:507717
Change-Id: I4d482b6b7dade74373995f6d9cfdc6d1d66431a3
Reviewed-on: https://pdfium-review.googlesource.com/3410
Reviewed-by: Nico Weber <thakis@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Add a public config to fxfreetype to make includes visible and provide a
freetype_common group as a public dependency on fxcrt. freetype_common
switches between fxfreetype and //build/config/freetype, which gives
embedders the flexibility to configure the source of FreeType.
BUG=chromium:700926
Change-Id: I73ae26979dcf69a419485def23c7a13dffa2a15d
Reviewed-on: https://pdfium-review.googlesource.com/2971
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
BUG=pdfium:601
Change-Id: I07756cd208cd2221802ff2d331f316b6618a41e0
Reviewed-on: https://pdfium-review.googlesource.com/3120
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: I024573f341cba48d9f5d2bc38683a016639b14e2
Reviewed-on: https://pdfium-review.googlesource.com/3119
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
|
|
This CL fixes the only caller to TIFFReadDirEntryData with potentially large
size so that we avoid big mallocs when we know we will fail. It does this as
follows:
- Avoid the unnecessary computations if datasize is very small. We don't want
to be slower in this case.
- If !isMapped(tif), we will Seek and Read. Check that ending position is
reachable. In the other case, do a simple check for out of bounds.
Bug: chromium:681311
Change-Id: Ia172d8b4d401753b7c8d5455dc1ada5335f6fa6b
Reviewed-on: https://pdfium-review.googlesource.com/3253
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
BUG=chromium:507717
Change-Id: If0030640497ce103de7713f8497570602950a2b6
Reviewed-on: https://pdfium-review.googlesource.com/3270
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
|
|
This is the same version used by Chromium (as
also the latest release of zlib).
BUG=687631
Change-Id: Ia4bcdee3c36443ba01914d157ea795d7fb881a45
Reviewed-on: https://pdfium-review.googlesource.com/3096
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Change-Id: If3f67767f738b7f23230ca8c37c9af2e31696e82
Reviewed-on: https://pdfium-review.googlesource.com/3117
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Ue it to fix a typo as well.
BUG=pdfium:634
Change-Id: I2d686242ffb841aedc2fae6a3cf7a00bea667404
Reviewed-on: https://pdfium-review.googlesource.com/3113
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
We'll add callers in a later CL.
BUG=pdfium:678
Change-Id: I98c8b2832c4750df326218e24ee8c1bd33b89b50
Reviewed-on: https://pdfium-review.googlesource.com/3066
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Avoid writing |Type| in CollectionSize<Type>() so that index
type can change without rewriting conditions.
Change-Id: I40c94ca39148b379908760ba9b861114b88af7bb
Reviewed-on: https://pdfium-review.googlesource.com/3056
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
|
|
Change-Id: I158b7d80b0ec28b742a9f2d5a96f3dde7fb3ab56
Reviewed-on: https://pdfium-review.googlesource.com/3031
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
The undefined shifts in libopenjpeg are sometimes used as divisors. This CL
checks that we are not trying to divide by 0 or mod by 0 in some places in
pi.c.
BUG=chromium:699491
Change-Id: Iaf629112437068d6479dbbb52b339bec6edefed0
Reviewed-on: https://pdfium-review.googlesource.com/2962
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This happens to fix the bug in question but I suspect they still do not
have enough checks to prevent undefined shifts. Patch:
https://github.com/uclouvain/openjpeg/pull/762/commits/5afb4d0546dd1b0a162b4e895cfdcfa4b32f1180
BUG=694042
Change-Id: I9466eb2b095f07233517ff5f1bcb0c2437be78ac
Reviewed-on: https://pdfium-review.googlesource.com/2888
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Original patch: https://pdfium-review.googlesource.com/c/2830/
Procedure: revert original patch, cherry-pick it, fix spacing, use git
diff to obtain the new patch file (index changed).
Change-Id: I1b5d2fd3cc17780c9428417fb1cd1e6b9a05f1fc
Reviewed-on: https://pdfium-review.googlesource.com/2848
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Patch:
https://github.com/mm2/Little-CMS/commit/9f427d5ff544ab1be37f485ac13b2419a1610cc3
BUG=696430
Change-Id: I20b8b4aad565d6f6aaed8c66be7e9709eec2b5ce
Reviewed-on: https://pdfium-review.googlesource.com/2849
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Tables should be freed before they are reassigned. This CL fixes the three
places where this is not happening.
BUG=694599
Change-Id: I4e7cf1a6354b1129ecaf7ddcc74d8a36ba289df7
Reviewed-on: https://pdfium-review.googlesource.com/2830
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Patch that fixes LUT consistency:
https://github.com/mm2/Little-CMS/commit/9936ecf0745002cea8e46dc575079b4872e9af8c
Patch that sanitizes MPE profiles:
https://github.com/mm2/Little-CMS/commit/06662a755525586223efe1790da1497d5b2d9e67
BUG=675617
Change-Id: I9ccc4158432387360dcb358e2a015a9434df46e4
Reviewed-on: https://pdfium-review.googlesource.com/2820
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This Cl converts several uses of TransformPoint to use Transform(CFX_PointF).
Change-Id: I9bc3c484e0a4304b904584218bd9e59dec7db727
Reviewed-on: https://pdfium-review.googlesource.com/2791
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
|
|
Patch:
https://github.com/uclouvain/openjpeg/commit/20789fed4ec7746e938dd2934a1fb5aa352f4d12
BUG=657440
Change-Id: Ic2320cd4baabbd7bc09ec428c5f49b7ab3e7eb66
Reviewed-on: https://pdfium-review.googlesource.com/2795
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
This CL removes the two Transform() overrides from CFX_Matrix and calls the
TransformPoint methods directly. In the case of the 4 param version the
values were assigned to the out values before calling.
Change-Id: Id633826caec75b848774dcda6cfdcef2dbf5a7db
Reviewed-on: https://pdfium-review.googlesource.com/2573
Reviewed-by: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Commit:
https://github.com/vadz/libtiff/commit/b5065f39ebc8b125aaa790f9003988c0d675f814
BUG=681305
Change-Id: I4e6c166f892bdac83b45e5518302bfd9cbcbd332
Reviewed-on: https://pdfium-review.googlesource.com/2571
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Upstream commits:
https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
BUG=690124
Change-Id: I8388ae37e94f4e62cd8f9688baf9cf5416348d0c
Reviewed-on: https://pdfium-review.googlesource.com/2558
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
tif_data and tif_cleanup are both set on the TIFFInit methods, see for
instance TIFFInitPixarLog. If PredictorSetupDecode fails, whatever was
filled on tif_data should be cleaned up. The previous leak fix from
PixarLogSetupDecode is no longer necessary.
BUG=683834
Change-Id: Ib7dec3fb8addd56fa20f2e85c4ee918222a5f97e
Reviewed-on: https://pdfium-review.googlesource.com/2432
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Using int64 to check whether uint32 operations have overflowed.
BUG=681300
Change-Id: I4470d34f2e5e61c0bf96f1c8587cdb7805afe87b
Reviewed-on: https://pdfium-review.googlesource.com/2355
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Replaced (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b) with
opj_uint_ceildiv(a, b), which makes much more sense.
BUG=683156
Change-Id: Ie9d6736f4ec0f16d14f203850a14f0dabd73ee38
Reviewed-on: https://pdfium-review.googlesource.com/2352
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
m_decorrelation_array and m_offset_array can be assigned to l_mct_data,
which can be set in opj_j2k_read_mct. In this method, there can be an
early true return before allocating m_data but after freeing it.
BUG=678342
Change-Id: Id9ea3cc57a9a278deb1540e5db8a94db86018fd6
Reviewed-on: https://pdfium-review.googlesource.com/2350
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
Fix callers conventions to avoid ambiguity.
Fix bad bounds check unmasked by change.
Directly include headers no longer pulled in by numerics itself.
Review-Url: https://codereview.chromium.org/2640143003
|
|
The call may come from TIFFReadRGBAImageOriented, and there no cleanup
is done. So free the memory allocation on failure.
BUG=681301
Change-Id: I4ac7db03d18eddd3117649ca185dffdcc9189870
Reviewed-on: https://pdfium-review.googlesource.com/2252
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
If we do not do this check, it will overflow to a huge unsigned int, so
we will allocate a lot of memory etc.
BUG=682182
Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff
Reviewed-on: https://pdfium-review.googlesource.com/2272
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
If rb is allocated memory but p != q, then it will not be assigned to
sp->actable[m], so it will leak.
BUG=680520
Change-Id: Ib0b178b043b2a9821fb289d033ca0ab52e4cbe48
Reviewed-on: https://pdfium-review.googlesource.com/2176
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
Patch has been accepted upstream, see:
http://bugzilla.maptools.org/show_bug.cgi?id=2658
BUG=655008
Change-Id: I7ef69e6f71e66bd7e0a4d334c4f8e60ed02213d2
Reviewed-on: https://pdfium-review.googlesource.com/2174
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
|
|
My previous attempt did not follow precisely the way m_nb_mcc_records
is increased in opj_j2k_read_mcc.
Previous: https://pdfium-review.googlesource.com/c/2165/
BUG=678461, 680102
Change-Id: I3e14c440e3a49b714f8cd82d44992fe647200336
Reviewed-on: https://pdfium-review.googlesource.com/2171
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Now we update m_nb_mct_records only when there was a new mct record, and
l_mct_data computations all went through. In previous version, the
++l_tcp->m_nb_mcc_records was in the end, without the if. Notice that
this is similar to the analoguous in opj_j2k_read_mcc.
CL that changed the calculation:
https://github.com/uclouvain/openjpeg/commit/7a8cdc4bb071494fccf4714413191a52eb924b60
BUG=678461
Change-Id: I9a9e7eb03d1da085f8eb15a221a6bc0a91736662
Reviewed-on: https://pdfium-review.googlesource.com/2165
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
The td_refblackwhite value is currently assigned without validation. This
may pose an issue as the image can specify the value as nan. This will cause
problems later when we use the nan in calcluations.
This CL validates each of the float values are not nan and if they are sets
them to the default provided by the TIFF spec v6.
BUG=chromium:632883
Change-Id: I17b01f744d3f5247c4bd3f42765a27b611dc7d8c
Reviewed-on: https://pdfium-review.googlesource.com/2151
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
This CL initializes the raw tif data to guard against unitialized memory access.
BUG=chromium:677377
Change-Id: If272fafacd996c2e93a41fb6e477661dc0c5492c
Reviewed-on: https://pdfium-review.googlesource.com/2150
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
This CL makes the fix to the bug equal to that which has now been
submitted upstream. Link:
https://github.com/vadz/libtiff/commit/fa6b22a5135fdeabe860097c04f298ca0ae7f2e1
Our original CL for fixing the bug:
https://codereview.chromium.org/2545723004/
BUG=657473
Change-Id: I52ae6a062ac07a0e20d0ba4ab823cbbf1d2b1ac1
Reviewed-on: https://pdfium-review.googlesource.com/2136
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
|
|
This is partially backported from upstream
https://github.com/mm2/Little-CMS/commit/4011a6e3
BUG=chromium:665054
Review-Url: https://codereview.chromium.org/2577963007
|
|
BUG=chromium:666705
Review-Url: https://codereview.chromium.org/2538703002
|
|
The method to create image can fail even after ycbcr has been set, so
the current way to release is not enough. TIFFRGBAImageEnd is safe in
that it checks for existence before deleting, and deletes whatever has
been created.
BUG=657473
Review-Url: https://codereview.chromium.org/2545723004
|
|
The diff isn't well displayed in Rietveld, and I had to do some interpretation
here, as it wasn't clear what code page these files were pretending to use.
The left quotes were 0x92, the right quote + \n had been converted to ?, and
the negative infinity was 0x96. (I assume maybe Mac something.)
In any case, I tried to interpret the comments and make them something sensible.
In the worst case, it's "only" comments that are broken, as no actual code was
modified.
R=tsepez@chromium.org, brucedawson@chroium.org
BUG=637203,454858
Review URL: https://codereview.chromium.org/2545593002 .
|